Bookmarks Menu
Bookmarks Toolbar
Bookmarks Toolbar
offensive-bookmarks
OSINT
individuals
- PimEyes: Face Recognition Search Engine and Reverse Image Search
- Username Search - Social Media Profile Lookup - IDCrawl
- CheckUsernames - Social Media Username Search by KnowEm
- FaceCheck - Reverse Image Search - Face Recognition Search Engine
- NameCheckup - Find Available Username
- WhatsMyName Web
- pictriev, face search engine
companies
- crt.sh | Certificate Search
- DNSdumpster.com - dns recon and research, find and lookup dns records
- 28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
- Phonebook.cz - Intelligence X
- WHOIS Search, Domain Name, Website, and IP Tools - Who.is
- intoDNS: checks DNS and mail servers health
- URL and website scanner - urlscan.io
- Webpage archive
- Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
- BuiltWith Technology Lookup
- Hurricane Electric BGP Toolkit
- WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
- PageSpeed Insights
- Entrust Certificate Search - Entrust, Inc.
- Analyse your HTTP response headers
- IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
- Crunchbase: Discover innovative companies and the people behind them
- OSINT.SH - All in one Information Gathering Tools
- MAC Address Vendor Lookup | MAC Address Lookup
- Home | MAC Vendor Lookup Tool & API | MACVendors.com
emails
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Temp Mail – The Best Temp Email Inbox
- Temp Mail - Temporary Email
- Find email addresses in seconds • Hunter (Email Hunter)
- Epieos, the ultimate OSINT tool
- Email Reputation Check, Email Risk Score Check | APIVoid
- Email Finder • Free email search for B2B sales | Snov.io
search engines
- Shodan Search Engine
- Exposure Management and Threat Hunting Solutions | Censys
- Google
- Yandex
- Yahoo Search - Web Search
- DuckDuckGo — Privacy, simplified.
- Home - ZoomEye really mapping,global leader of cyberspace mapping
- GreyNoise Visualizer
- SerpApi: Google Search API
- Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon
geolocation
- Locate IP Address Lookup
- Online photo metadata and EXIF data viewer | Jimpl
- Photo Location & Online EXIF Data Viewer - Pic 2 Map
cameras
- Insecam - World biggest online cameras directory
- EarthCam - Webcam Network
wireless
- WiGLE: Wireless Network Mapping
- OSINT Framework
- jivoi/awesome-osint: A curated list of amazingly awesome OSINT
- smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
cheat sheets
web
- payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- https://security.love/CSRF-PoC-Genorator/
- Bug Bounty Cheatsheet
- swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
- daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
- GTFOBins
- LOLBAS
- HackTricks - HackTricks
- blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
- Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
- infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
- File Signatures
- explainshell.com - match command-line arguments to their help text
- Cheat Sheets | pentestmonkey
- Red Teaming Toolkit Collection -
malware development
code repos
- adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
- JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
- cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
- jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
- vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
- tarcisio-marinho/GonnaCry: A Linux Ransomware
- EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
- cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
- not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
- dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
- cdong1012/Rust-Ransomware: Ransomware written in Rust
- cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
- safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
- MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
- EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
- Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
- alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
- MalDev101/Loveware: Community driven computer worm
- LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- rootkit-io/awesome-malware-development: Organized list of my malware development resources
- sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
- outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
- Mr-Un1k0d3r/UniByAv
- govolution/avet: AntiVirus Evasion Tool
- gentilkiwi/mimikatz: A little tool to play with Windows security
- huntergregal/mimipenguin: A tool to dump the login password from the current linux user
- skelsec/pypykatz: Mimikatz implementation in pure Python
- mkaring/ConfuserEx: An open-source, free protector for .NET applications
- tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
- CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
- 3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
- packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
- ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
- s9rA16Bf4/go-evil: Customizing evil has never been so easy
- S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
- S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
- hfiref0x/UACME: Defeating Windows User Account Control
blogs
- TheXcellerator
- vx-underground
- 0xPat blog – Red/purple teamer
- The Wover – Red Teaming, .NET, and random computing topics
- cocomelonc
- Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
- TMZ Lair - Underground Coding
- The Art of Malware
- Evasion techniques
- https://smarinovic.github.io/
- Capt. Meelo
- How to Build Obfuscated Macros for your Next Social Engineering Campaign
- Malicious Macros for Script Kiddies - TrustedSec
- XIT – Medium
- Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
- Creating a Rootkit to Learn C - The Human Machine Interface
- (nearly) Complete Linux Loadable Kernel Modules
- Engineering antivirus evasion – Sec Team Blog
- Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
- A Brief Survey of Code Obfuscation Techniques
- 100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland
youtube
- (6) TheSphinx - YouTube
- (6) Joey Abrams - YouTube
- (6) w3w3w3 - YouTube
- (6) Cosmodium CyberSecurity - YouTube
- (6) crow - YouTube
- (6) ActiveXSploit - YouTube
- AMSI.fail
malware analysis
tools
- matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
- rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
- Feodo Tracker
- SSLBL | Detecting malicious SSL connections
- URLhaus | Malware URL exchange
- ThreatFox | Share Indicators Of Compromise (IOCs)
- Sysinternals Utilities - Sysinternals | Microsoft Learn
sandboxes
- ANY.RUN - Interactive Online Malware Sandbox
- Free Automated Malware Analysis Service - powered by Falcon Sandbox
- VirusTotal - Home
resources
- ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- Malpedia (Fraunhofer FKIE)
- MalwareBazaar | Malware sample exchange
- Vitali Kremez | Ethical Hacker | Reverse Engineer
- zerosum0x0
- MalwareTech
- albertzsigovits/malware-writeups: Personal research and publication on malware families
- kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
- MalShare
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
shells
- Online - Reverse Shell Generator
- php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell
miscellaneous
- CyberChef
- WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
- 4shared.com - free file sharing and storage
- Transfer Big Files Free - Email or Send Large Files
- Pastebin.com - #1 paste tool since 2002!
- Barcode Reader. Free Online Web Application
- rot13.com
- Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
- Brainfuck Language - Online Decoder, Translator, Interpreter
- Online JavaScript beautifier
- iLovePDF | Online PDF tools for PDF lovers
- Compress JPEG Images Online
- Compress images online - Reduce your image size online and for free
blogs & resources
blogs
- Hacking Articles - Raj Chandel's Blog
- Web Security Blog - PortSwigger
- The DigiNinja Blog - DigiNinja
- Blog | hackers-arise
- Home | S3cur3Th1sSh1t
- TECH BLOG — Improsec | improving security
- Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
- Shell is Only the Beginning
- ihazomgsecurityskillz
- Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
- Help Net Security - Cybersecurity News
- NCC Group Research Blog | Making the world safer and more secure
- Research | Trellix Stories
- Andrey Konovalov | Andrey Konovalov
- The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
- Guide To Using Reverse Image Search For Investigations - bellingcat
youtube
- (6) Marcus Hutchins - YouTube
- (6) Black Hat - YouTube
- (6) DEFCONConference - YouTube
- (6) IppSec - YouTube
- (6) John Hammond - YouTube
- (6) NetworkChuck - YouTube
- (6) The Cyber Mentor - YouTube
- (6) HackerSploit - YouTube
- (6) David Bombal - YouTube
- (6) InsiderPhD - YouTube
- (6) jhaddix - YouTube
- (6) Tom Hudson - YouTube
- (6) STÖK - YouTube
- (6) Hak5 - YouTube
- (6) Null Byte - YouTube
- (6) LiveOverflow - YouTube
- (6) NahamSec - YouTube
- (6) zSecurity - YouTube
- MITRE ATT&CK®
forums
- 0x00sec - The Home of the Hacker
obfuscation
command prompt
- danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness
python
- Oxyry Python Obfuscator - The most reliable python obfuscator in the world
- pyarmor · PyPI
- PyObfx/PyObfx: Python Obfuscator & Packer
php
- PHP Obfuscator
powershell
- danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
- JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
- tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
javascript
- JS Obfuscator
C/C++
- C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online
.NET
- yck1509/ConfuserEx: An open-source, free protector for .NET applications
privilege escalation
windows
- PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
- itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
- bitsadmin/wesng: Windows Exploit Suggester - Next Generation
- GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
linux
- PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
- rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
- diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
passwords, hashes & wordlists
default passwords
- Default Passwords | CIRT.net
- List of Router Default Passwords For All Brands [Tried & Tested]
wordlists
- Mebus/cupp: Common User Passwords Profiler (CUPP)
- danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- Assetnote Wordlists
- digininja/CeWL: CeWL is a Custom Word List Generator
cracking
- Hashkiller.io - List Manager
- CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
- SHAttered
- Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
- RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
- example_hashes [hashcat wiki]
- Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
- GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
- Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
- Md5 Online Decrypt & Encrypt - Compare your hash with our Database
- Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online
practice
- TryHackMe | Cyber Security Training
- Hack The Box: Hacking Training For The Best | Individuals & Companies
- Vulnerable By Design ~ VulnHub
- Web Security Academy: Free Online Training from PortSwigger
- OverTheWire: Wargames
- Command Challenge!
- Proving Grounds: Virtual Pentesting Labs | Offensive Security
- Virtual Hacking Labs | Penetration Testing Training Labs & Courses
- Hack This Site
- PentesterLab: Our exercises
- HBH: Learn how hackers break in, and how to keep them out.
- Free Cybersecurity Training and Career Development | Cybrary
- https://amanhardikar.com/mindmaps/Practice.html
Bookmarks Toolbar
linuxPrivilegeEscalation
- PayloadsAllTheThings/Methodology and Resources/Linux - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
- PentestGPT
- ChatGPT
- FreeTraining
- explainshell
- hackSplaining
- TempMail
- Shodan
- live - Google Drive
- PatrikHudak
- Keep
- Shell
- Translate
- bWAPP
- Tecmint
- Hacker101 CTF
- SecurityZines
- CySec
- Notion
Other Bookmarks
GitHub
CTF
- GitHub - apsdehal/awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares
- GitHub - SandySekharan/CTF-tool: A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.
- GitHub - SanketBaraiya/ctf-writeup: All Write-up pushed by RasyidMF. This repository is created for private or public learning purposes
- GitHub - SanketBaraiya/CTFlearn-Solutions: Writeups Of CTFlearn Challenges
- GitHub - MrMugiwara/CTF-Tools: Useful CTF Tools
- GitHub - Ignitetechnologies/Vulnhub-CTF-Writeups: This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.
- Aperi'Solve
- Recommended Tools for CTF – Howard University CyberSecurity Center (internal student wiki)
- GitHub - RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
- GitHub - ius/rsatool: rsatool can be used to calculate RSA and RSA-CRT parameters
Bug Hunting github
- GitHub - EdOverflow/bugbounty-cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
- GitHub - infoslack/awesome-web-hacking: A list of web application security
- GitHub - ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
- GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- GitHub - djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
- GitHub - devanshbatham/Awesome-Bugbounty-Writeups: A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
- GitHub - dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
- GitHub - foospidy/payloads: Git All the Payloads! A collection of web attack payloads.
- GitHub - alexbieber/Bug_Bounty_writeups: BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
- GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
- GitHub - s0md3v/AwesomeXSS: Awesome XSS stuff
- GitHub - HernanRodriguez1/Dorks-Shodan-2023: Shodan Dorks 2023
- GitHub - errorfiathck/ssrf-exploit: an exploit of Server-side request forgery (SSRF)
- GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
- GitHub - robotshell/magicRecon: MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
- GitHub - KingOfBugbounty/KingOfBugBountyTips: Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
- vavkamil/awesome-bugbounty-tools: A curated list of various bug bounty tools
- un9nplayer/AutoRecon-XSS: AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extracts potential vulnerable URLs, and checks them for XSS vulnerabilities.
- daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
- NafisiAslH/KnowledgeSharing
- devanshbatham/Awesome-Bugbounty-Writeups: A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
- GitHub - mandatoryprogrammer/xsshunter-express: An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
- GitHub - payloadbox/command-injection-payload-list: 🎯 Command Injection Payload List
Hacking
OSINT
- GitHub - jivoi/awesome-osint: :scream: A curated list of amazingly awesome OSINT
- GitHub - SharadKumar97/OSINT-SPY: Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. If you want to ask something please feel free to reach out to me at robotcoder@protonmail.com
- GitHub - giuliacassara/awesome-social-engineering: A curated list of awesome social engineering resources.
- GitHub - carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources
- GitHub - secfigo/Awesome-Fuzzing: A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
WordLists
- GitHub - orwagodfather/My-WordLISTs
- GitHub - TheSpeedX/PROXY-List: Get PROXY List that gets updated everyday
- orwagodfather/WordList
- orwagodfather/My-WordLISTs
- orwagodfather/My-Cool-WordList-For-Fuzz-and-Bugs
- payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- Awesome-Hacking/README.md at master · Hack-with-Github/Awesome-Hacking · GitHub
MindMaps
- GitHub - imran-parray/Mind-Maps: Mind-Maps of Several Things
- GitHub - jassics/security-study-plan: Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
- GitHub - iSPYadav01/Linux-Tutorials-and-Installation: Installation of Various Tools,Application and Operating System
- GitHub - Ignitetechnologies/Web-Application-Cheatsheet: This cheatsheet is aimed at the CTF Players and Beginners to help them understand Web Application Vulnerablity with examples.
- Ignitetechnologies/Mindmap: This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them
- sam5epi0l/Beginner-Bug-Bounty-Automation: Many script that can be modified according to your needs for Information Gathering and Asset discovery in Bug Bounty Hunting (Pull requests are welcome!)
WriteUps
- GitHub - 1hack0/Facebook-Bug-Bounty-Write-ups: Hunting Bugs for Fun and Profit
- GitHub - gauravnarwani97/Trishul: Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.
- GitHub - Dheerajmadhukar/back-me-up: This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
- GitHub - hasanfirnas/symbiote: Your target's phone's front and back cameras📸 can be accessed by sending a link🔗.
- GitHub - hakluke/hakip2host: hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
- GitHub - luong-komorebi/Awesome-Linux-Software: 🐧 A list of awesome Linux softwares
- GitHub - hahwul/WebHackersWeapons: ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
- Cyber-Guy1 (Cyber Guy) · GitHub
- tomnomnom (tomnomnom) / Repositories
- hahwul (hahwul) / Repositories
- zigoo0/ArabicWebAppsPentesting: This repo will contain POC, demo files, and any links given during the Arab web application penetration testing course.
Bug Hunting
- Bug Bounty Tips - InfosecMatter
- DistroWatch.com: Put the fun back into computing. Use Linux, BSD.
Tools
- GitHub - zidansec/subscan: Subscan is a simple tool for subdomain scanner, it can scan subdomains fast.
- GitHub - dwisiswant0/crlfuzz: A fast tool to scan CRLF vulnerability written in Go
- GitHub - HalilDeniz/Dosinator: DoSinator is a powerful Denial of Service (DoS) testing tool developed in Python.
- GitHub - SirCryptic/wardriver: bash script to automate wardriving tasks. (Wi-Fi & Bluetooth)
- GitHub - mzfr/liffy: Local file inclusion exploitation tool
- GitHub - r3nt0n/bopscrk: Generate smart and powerful wordlists
- GitHub - RustScan/RustScan: 🤖 The Modern Port Scanner 🤖
- GitHub - un1cum/Beast_Bomber: The best open source bomber / Лучший open source бомбер
- grep.app | code search
- Pricing | FullHunt
- Pipl | The world’s #1 source for digital identity and trust data
- LeakIX - About
- Netlas
- searchcode | source code search engine
- URL and website scanner - urlscan.io
- Home - SOCRadar® Extended Threat Intelligence
- BinaryEdge
- IVRE — Network recon framework
- Threat Intelligence - Pulsedive
- Netlas
- Exposure Management and Threat Hunting Solutions | Censys
- Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
- Pastebin.com - #1 paste tool since 2002!
- Bug Bounty Helper
- Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
- Certbot
- Have I Been Pwned: Pwned Passwords
- Censys Search
- Hunter Search Engine
- HTML5 Security Cheatsheet
- Most recent entries - CVE-Search
- ViewDNS.info - Your one source for DNS related tools!
- Google Hacking DB
- Google Hacking - Free Google Dorks for Recon - Pentest-Tools.com
- XSS Scanner - Online Scan for Cross-site Scripting Vulnerabilities
- 404 Not Found
- CVE - CVE
- CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
- Hash Type Identifier - Identify unknown hashes
- Entrust Certificate Search - Entrust, Inc.
- CyberChef
- Vulnerability & Exploit Database - Rapid7
bug bounty platforms
- FireBounty | The Ultimate Vulnerability Disclosure Policy and Bug Bounty List!
- Synack | Premier Security Testing Platform
- Intigriti - Bug Bounty & Agile Pentesting Platform
- #1 Crowdsourced Cybersecurity Platform | Bugcrowd
- Global Bug Bounty & Vulnerability Management Platform | YesWeHack
- HackerOne | #1 Trusted Security Platform and Hacker Program
- Login - Hackenproof
- Coordinated Vulnerability Disclosure programs
- 漏洞盒子 - 中国领先的漏洞平台与白帽社区|安全众测与安全运营服务平台
- Bug Bounty
- Blockchain Security Services Company - Web3, Crypto, DeFi | Hacken
- https://detectify.com/
- Google and Alphabet Vulnerability Reward Program (VRP) Rules - Rules - About - Google Bug Hunters
- Pentest as a Service | Cobalt
- Free Bug Bounty Program and Coordinated Vulnerability Disclosure | Open Bug Bounty
- VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform - INDEX
- Yogosha | VOC / Vulnerability Operations Center
- CyberArmyID | #1 Crowdsourced Cyber Security Platform in Indonesia
- Antihack | Website Vulnerability Finders
- Red Storm Entertainment
- BugBounty.jp
engine
- BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
- CVE Database - Security Vulnerabilities and Exploits | Vulners.com
- ONYPHE | Attack Surface Management & Cyber Defense Search Engine
- FOFA Search Engine
- Search Engine for Source Code - PublicWWW.com
- BinaryEdge Portal
- GreyNoise Visualizer
- ZoomEye - Cyberspace Search Engine
- netograph.io ~ mapping the deep structure of the web.
- WiGLE: Wireless Network Mapping
- Intelligence X
- Domain Search
- Have I Been Pwned: Check if your email has been compromised in a data breach
- crt.sh | Certificate Search
- DNSdumpster.com - dns recon and research, find and lookup dns records
Practice
- CTF365 - Capture The Flag | Security Training Platform
- Hacking-Lab
- http://pwnable.kr/
- io.netgarage.org
- SmashTheStack Wargaming Network
- Microcorruption
- Reversing.Kr
- Hack This Site
- Welcome – W3Challs Hacking Challenges
- Home - RingZer0 Online CTF
- HBH: Learn how hackers break in, and how to keep them out.
- CTFtime.org / All about CTF (Capture The Flag)
- Bienvenue [Root Me : plateforme d'apprentissage dédiée au Hacking et à la Sécurité de l'Information]
- Game of Hacks | Checkmarx
- Web Application Exploits and Defenses
- How to Catch a Cheater Effortlessly
- An Interactive Cyber Security Platform | Defend the Web
- Attack-Defense Online Lab
- alert(1) to win
- Capture the Flag - Application Security Challenge
- Command Challenge!
- Exploit Education :: Andrew Griffiths' Exploit Education
- Google CTF
- Hack The Box: Hacking Training For The Best | Individuals & Companies
- Hacker101 CTF
- Capture The Flag - CTF - A maior plataforma do Brasil - HackerSec
- Cybersecurity Training To Face Evolving Threats - Immersive Labs
- OverTheWire: Wargames
- PentesterLab: Learn Web Penetration Testing: The Right Way
- https://www.amanhardikar.com/mindmaps/Practice.html
- picoCTF - CMU Cybersecurity Competition
- https://pwnable.kr/play.php
- The 2022 SANS Holiday Hack Challenge
- Penetration test lab "Test lab" | Pentestit
- https://academy.hackaflag.com.br/
- https://labs.wizard-security.net/
- http://ctf.rootinjail.com/
- DownUnderCTF
- Hack This Site
- CTF365 - Capture The Flag | Security Training Platform
- Web Application Exploits and Defenses
- Supercar Showdown - Supercar Showdown
- flAWS
- CertMaster Learn + Labs Trial | CompTIA IT Certifications
hacking writeups
- Pentesting Wifi - HackTricks
- 80,443 - Pentesting Web Methodology - HackTricks
- External Recon Methodology - HackTricks
- Pentesting Methodology - HackTricks
- Web Penetration Testing - Hacking Articles
burp suite
- emadshanab/Burp-Bounty-free-Profiles-Collection
linuxPrivilegeEscalation
- Checklists/Linux-Privilege-Escalation.md at master · netbiosX/Checklists · GitHub
- Privilege Escalation - Linux · Total OSCP Guide
- Linux Privilege Escalation Guide(Updated for 2023)
- GitHub - Cerbersec/scripts: Collection of useful scripts and word lists
- GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- PEASS-ng/linPEAS at master · peass-ng/PEASS-ng · GitHub
- GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- GitHub - The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
- GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- GitHub - linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
New Folder
windowsPrivilegeEscalation
- PayloadsAllTheThings/Methodology and Resources/Windows - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
- GitHub - gtworek/Priv2Admin: Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
- GitHub - antonioCoco/RogueWinRM: Windows Local Privilege Escalation from Service Account to System
- Potatoes - Windows Privilege Escalation · Jorge Lajara Website
- Decoder's Blog – IT Security Tips and Tricks
- Windows Local Privilege Escalation | HackTricks
OSINT Services
Air & Space Tracking
- ADSB Exchange
- Flightware
- Radarbox
- Airportia
- HabHub
- Satellite Map
- SatelliteXplorer
- Live Satellite Worldmap
Land & Sea Tracking
- Open Railway
- Mobility Portal
- Open Train Times
- Open Satellite World Map
Camera Tracking
- Insecam
- World Webcams
- EarthCam
- fisgonia
- WorldCam
- OpenTopia
- Live Iceland Cams
Search Engines
- Shodan
- Censys
- GreyNoise
- ZoomEye
- Hunter.IO
- Wireless Device Database
Vuln DB
- Exploit DB
- Wordpress Vulnerabilities WPScan
- WordPress Vulnerability Database
- National Vuln Database
- CVE Details
- Packetstorm
- VulnDB
- CXSecurity Exploit Database
- Vulnerability Lab
Privacy and Security
- Electronic Frontier Foundation
- Surveillance Self Defense
- Email Privacy Self Defense
- GnuPG - HOWTOs
- Tor Project
- Onion Links
- DeepL Translator
- E2E Cloud Storage
- Quad9 DNS
- PrivacyTools
Learning Resources
Programming
- Learn Bash
- Learn Python
- Learn Go
- Learn Nim
- Learn C
- Learn C++
- Learn NodeJS
- Learn Java
- Learn PHP
System and Networking
- Linux Journey
- Linux Training
- Debian Handbook
- Arch Linux Wiki
- Networking Basics
- Networking Tutorials
- Data Communication and Computer Network
Training Labs
- Binary Exploit Training
- RIPSEC Binary Exploit Training
- Exploit Education Labs
- PortSwigger Web Exploit Lab
- PentesterLab
- OWASP WebGoat
- OWASP Secure Coding Dojo
Materials
- Open Security Training
- Pentest Standard
- OWASP Checklist
- Computer Security Student Tutorials
- Binary Exploit Learn
- GTFO Bins
- OWASP Pentest Checklist
- Parrot Open Books Collection
- Free Computer Books
Blogs and Researches
- Linux Privilege Escalation Cheatsheet 0xsp
- Linux Privilege Escalation Cheatsheet Redtm
- Offensive Windows IPC part 1: Named Pipes
- Offensive Windows IPC part 2: RPC
- Offensive Windows IPC part 3: ALPC
- Avoiding Memory Scanners
- s3cur3th1ssh1t Blog
- VX Underground
- Kernel Driver Exploit: System Mechanic
- Attacking Active Directory
- Black Hills InfoSec Blog
- x86Matthew Blog
- Sam Curry Blog
- Connor McGarr Blog
- ElectroVolt: Pwning Popular Desktop Apps
Hack The Box
- Hack The Box Home
- Hacking Labs
- Hack The Box Forum
- CyberSec Careers
- Hack The Box training
- Hack The Box Blog
- Hack The Box Guides
OSINT
individuals
- PimEyes: Face Recognition Search Engine and Reverse Image Search
- Username Search - Social Media Profile Lookup - IDCrawl
- CheckUsernames - Social Media Username Search by KnowEm
- FaceCheck - Reverse Image Search - Face Recognition Search Engine
- NameCheckup - Find Available Username
- WhatsMyName Web
- pictriev, face search engine
companies
- crt.sh | Certificate Search
- DNSdumpster.com - dns recon and research, find and lookup dns records
- 28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
- Phonebook.cz - Intelligence X
- WHOIS Search, Domain Name, Website, and IP Tools - Who.is
- intoDNS: checks DNS and mail servers health
- URL and website scanner - urlscan.io
- Webpage archive
- Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
- BuiltWith Technology Lookup
- Hurricane Electric BGP Toolkit
- WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
- PageSpeed Insights
- Entrust Certificate Search - Entrust, Inc.
- Analyse your HTTP response headers
- IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
- Crunchbase: Discover innovative companies and the people behind them
- OSINT.SH - All in one Information Gathering Tools
- MAC Address Vendor Lookup | MAC Address Lookup
- Home | MAC Vendor Lookup Tool & API | MACVendors.com
emails
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Temp Mail – The Best Temp Email Inbox
- Temp Mail - Temporary Email
- Find email addresses in seconds • Hunter (Email Hunter)
- Epieos, the ultimate OSINT tool
- Email Reputation Check, Email Risk Score Check | APIVoid
- Email Finder • Free email search for B2B sales | Snov.io
search engines
- Shodan Search Engine
- Exposure Management and Threat Hunting Solutions | Censys
- Google
- Yandex
- Yahoo Search - Web Search
- DuckDuckGo — Privacy, simplified.
- Home - ZoomEye really mapping,global leader of cyberspace mapping
- GreyNoise Visualizer
- SerpApi: Google Search API
- Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon
geolocation
- Locate IP Address Lookup
- Online photo metadata and EXIF data viewer | Jimpl
- Photo Location & Online EXIF Data Viewer - Pic 2 Map
cameras
- Insecam - World biggest online cameras directory
- EarthCam - Webcam Network
wireless
- WiGLE: Wireless Network Mapping
- OSINT Framework
- jivoi/awesome-osint: A curated list of amazingly awesome OSINT
cheat sheets
web
- payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- https://security.love/CSRF-PoC-Genorator/
- Bug Bounty Cheatsheet
- swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
- daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
- GTFOBins
- LOLBAS
- HackTricks - HackTricks
- blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
- Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
- infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
- File Signatures
- explainshell.com - match command-line arguments to their help text
- Cheat Sheets | pentestmonkey
- Red Teaming Toolkit Collection -
malware development
code repos
- adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
- JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
- cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
- jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
- vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
- tarcisio-marinho/GonnaCry: A Linux Ransomware
- EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
- cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
- not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
- dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
- cdong1012/Rust-Ransomware: Ransomware written in Rust
- cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
- safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
- MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
- EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
- Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
- alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
- MalDev101/Loveware: Community driven computer worm
- LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- rootkit-io/awesome-malware-development: Organized list of my malware development resources
- sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
- outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
- Mr-Un1k0d3r/UniByAv
- govolution/avet: AntiVirus Evasion Tool
- gentilkiwi/mimikatz: A little tool to play with Windows security
- huntergregal/mimipenguin: A tool to dump the login password from the current linux user
- skelsec/pypykatz: Mimikatz implementation in pure Python
- mkaring/ConfuserEx: An open-source, free protector for .NET applications
- tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
- CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
- 3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
- packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
- ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
- s9rA16Bf4/go-evil: Customizing evil has never been so easy
- S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
- S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
- hfiref0x/UACME: Defeating Windows User Account Control
blogs
- TheXcellerator
- vx-underground
- 0xPat blog – Red/purple teamer
- The Wover – Red Teaming, .NET, and random computing topics
- cocomelonc
- Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
- TMZ Lair - Underground Coding
- The Art of Malware
- Evasion techniques
- https://smarinovic.github.io/
- Capt. Meelo
- How to Build Obfuscated Macros for your Next Social Engineering Campaign
- Malicious Macros for Script Kiddies - TrustedSec
- XIT – Medium
- Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
- Creating a Rootkit to Learn C - The Human Machine Interface
- (nearly) Complete Linux Loadable Kernel Modules
- Engineering antivirus evasion – Sec Team Blog
- Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
- A Brief Survey of Code Obfuscation Techniques
- 100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland
youtube
- (6) TheSphinx - YouTube
- (6) Joey Abrams - YouTube
- (6) w3w3w3 - YouTube
- (6) Cosmodium CyberSecurity - YouTube
- (6) crow - YouTube
- (6) ActiveXSploit - YouTube
- AMSI.fail
malware analysis
tools
- matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
- rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
- Feodo Tracker
- SSLBL | Detecting malicious SSL connections
- URLhaus | Malware URL exchange
- ThreatFox | Share Indicators Of Compromise (IOCs)
- Sysinternals Utilities - Sysinternals | Microsoft Learn
sandboxes
- ANY.RUN - Interactive Online Malware Sandbox
- Free Automated Malware Analysis Service - powered by Falcon Sandbox
- VirusTotal - Home
resources
- ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- Malpedia (Fraunhofer FKIE)
- MalwareBazaar | Malware sample exchange
- Vitali Kremez | Ethical Hacker | Reverse Engineer
- zerosum0x0
- MalwareTech
- albertzsigovits/malware-writeups: Personal research and publication on malware families
- kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
- MalShare
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
shells
- Online - Reverse Shell Generator
- php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell
miscellaneous
- CyberChef
- WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
- 4shared.com - free file sharing and storage
- Transfer Big Files Free - Email or Send Large Files
- Pastebin.com - #1 paste tool since 2002!
- Barcode Reader. Free Online Web Application
- rot13.com
- Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
- Brainfuck Language - Online Decoder, Translator, Interpreter
- Online JavaScript beautifier
- iLovePDF | Online PDF tools for PDF lovers
- Compress JPEG Images Online
- Compress images online - Reduce your image size online and for free
blogs & resources
blogs
- Hacking Articles - Raj Chandel's Blog
- Web Security Blog - PortSwigger
- The DigiNinja Blog - DigiNinja
- Blog | hackers-arise
- Home | S3cur3Th1sSh1t
- TECH BLOG — Improsec | improving security
- Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
- Shell is Only the Beginning
- ihazomgsecurityskillz
- Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
- Help Net Security - Cybersecurity News
- NCC Group Research Blog | Making the world safer and more secure
- Research | Trellix Stories
- Andrey Konovalov | Andrey Konovalov
- The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
- Guide To Using Reverse Image Search For Investigations - bellingcat
youtube
- (6) Marcus Hutchins - YouTube
- (6) Black Hat - YouTube
- (6) DEFCONConference - YouTube
- (6) IppSec - YouTube
- (6) John Hammond - YouTube
- (6) NetworkChuck - YouTube
- (6) The Cyber Mentor - YouTube
- (6) HackerSploit - YouTube
- (6) David Bombal - YouTube
- (6) InsiderPhD - YouTube
- (6) jhaddix - YouTube
- (6) Tom Hudson - YouTube
- (6) STÖK - YouTube
- (6) Hak5 - YouTube
- (6) Null Byte - YouTube
- (6) LiveOverflow - YouTube
- (6) NahamSec - YouTube
- (6) zSecurity - YouTube
- MITRE ATT&CK®
forums
- 0x00sec - The Home of the Hacker
obfuscation
command prompt
- danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness
python
- Oxyry Python Obfuscator - The most reliable python obfuscator in the world
- pyarmor · PyPI
- PyObfx/PyObfx: Python Obfuscator & Packer
php
- PHP Obfuscator
powershell
- danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
- JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
- tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
javascript
- JS Obfuscator
C/C++
- C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online
.NET
- yck1509/ConfuserEx: An open-source, free protector for .NET applications
privilege escalation
windows
- PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
- itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
- bitsadmin/wesng: Windows Exploit Suggester - Next Generation
- GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
linux
- PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
- rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
- diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
- linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
passwords, hashes & wordlists
default passwords
- Default Passwords | CIRT.net
- List of Router Default Passwords For All Brands [Tried & Tested]
wordlists
- Mebus/cupp: Common User Passwords Profiler (CUPP)
- danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- Assetnote Wordlists
- digininja/CeWL: CeWL is a Custom Word List Generator
cracking
- Hashkiller.io - List Manager
- CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
- SHAttered
- Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
- RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
- example_hashes [hashcat wiki]
- Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
- GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
- Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
- Md5 Online Decrypt & Encrypt - Compare your hash with our Database
- Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online
practice
- TryHackMe | Cyber Security Training
- Hack The Box: Hacking Training For The Best | Individuals & Companies
- Vulnerable By Design ~ VulnHub
- Web Security Academy: Free Online Training from PortSwigger
- OverTheWire: Wargames
- Command Challenge!
- Proving Grounds: Virtual Pentesting Labs | Offensive Security
- Virtual Hacking Labs | Penetration Testing Training Labs & Courses
- Hack This Site
- PentesterLab: Our exercises
- HBH: Learn how hackers break in, and how to keep them out.
- Free Cybersecurity Training and Career Development | Cybrary
- https://amanhardikar.com/mindmaps/Practice.html